Primary

Context

SAP Enterprise Search for ABAP Missing Authorization Check Vulnerability Allowing Unauthorized Data Access

Vulnerability

A vulnerability exists in SAP Enterprise Search for ABAP due to a missing authorization check. This flaw allows an attacker with high privileges to read and export database table contents into an ABAP report. The issue could significantly compromise data confidentiality while having a minor effect on data integrity. There is no impact on the application's availability.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data, allowing for its export and potential misuse.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying necessary patches. SAP Security Patch Day occurs on the second Tuesday of each month, where security updates are released. For more information, visit the SAP Security Patch Day website.

Added: Dec 9, 2025, 7:24 PM

Updated: Dec 9, 2025, 7:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.8

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.8

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP Enterprise Search for ABAP Missing Authorization Check Vulnerability Allowing Unauthorized Data Access

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating